Access Control for Auto-Created Physical Destinations

The final section of the ACL properties file includes access rules
that specify for which users and groups the broker will auto-create a physical
destination.

When a user creates a producer or consumer at a physical destination
that does not already exist, the broker will create the destination if the
broker’s auto-create property has been enabled.

By default, any user or group has the privilege of having a physical
destination auto-created by the broker. This privilege is specified by the
following rules:

queue.create.allow.user=*
topic.create.allow.user=*

You can edit the ACL file to restrict this type of access.

The general syntax for physical destination auto-create access rules
is as follows:

resourceType.create.access.principalType=principals

Where resourceType is either queue or topic.

For example, the following rules allow the broker to auto-create topic
destinations for everyone except Snoopy.

topic.create.allow.user=*
topic.create.deny.user=Snoopy
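
The following Python example is added here and is not part of the original documentation. It parses auto-create rules in the syntax shown above from a constructed sample ACL file, reports which resource types still carry the wildcard allow rule, and evaluates whether a given user would get a destination auto-created. The function names, the comma-separated principal lists, and the evaluation order (a rule naming the user takes precedence over *, and no matching rule means no auto-create) are assumptions of this example; group rules are parsed but not evaluated.

```python
import re

# Page syntax: resourceType.create.access.principalType=principals
RULE = re.compile(r"^(queue|topic)\.create\.(allow|deny)\.(user|group)\s*=\s*(.*)$")

# Constructed sample, not taken from a real broker.
SAMPLE_ACL = """\
# auto-create section (constructed)
queue.create.allow.user=alice,bob
topic.create.allow.user=*
topic.create.deny.user=Snoopy
"""

def parse_autocreate_rules(text):
    """Return {(resource, access, principal_type): set_of_principals}."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            continue  # not an auto-create rule; ignored by this example
        resource, access, ptype, principals = m.groups()
        names = {p.strip() for p in principals.split(",") if p.strip()}
        rules.setdefault((resource, access, ptype), set()).update(names)
    return rules

def user_may_autocreate(rules, resource, user):
    """Evaluate user rules only (assumed order: named entry beats '*')."""
    allow = rules.get((resource, "allow", "user"), set())
    deny = rules.get((resource, "deny", "user"), set())
    if user in deny:
        return False
    if user in allow:
        return True
    if "*" in deny:
        return False
    return "*" in allow

def wildcard_allows(rules):
    """Resource types whose auto-create is still allowed for '*'."""
    return sorted({r for (r, a, _), n in rules.items() if a == "allow" and "*" in n})

RULES = parse_autocreate_rules(SAMPLE_ACL)
if __name__ == "__main__":
    print("wildcard auto-create:", wildcard_allows(RULES))
    for who in ("alice", "Snoopy", "carol"):
        print(who, {r: user_may_autocreate(RULES, r, who) for r in ("queue", "topic")})
```
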

Note that the effect of physical destination auto-create rules must
be congruent with that of physical destination access rules. For example,
if you 1) change the destination access rule to forbid any user from sending
a message to a destination but 2) enable the auto-creation of the destination,
the broker will create the physical destination if it does not exist, but it
will not deliver a message to it.